System and method for identifying communication between virtual servers

ABSTRACT

Under the environment that IP addresses of virtual machines overlap, it makes it possible to carry out a communication between the virtual machines and for a network manager to grasp in a communication flow condition in real time. Specifically, the physical server assigns a virtual machine ID to the virtual server under the management, and assigns a reception-side virtual machine ID and a transmission-side virtual machine ID to a bit space of a transmission packet in the form of TCP/IP packet, when a communicating between the virtual servers through a network. Then, the physical server transmits the transmission packet onto the network. A physical switch is provided on the network connecting between the physical servers, and identifies the transmission packet based on the virtual machine ID contained in a bit space other than data of the transmission packet under the environment that IP addresses of the virtual machines overlap on the network, and collects data showing a network condition.

TECHNICAL FIELD

The present invention is related to an inter-virtual-servercommunication identifying system, and more particularly, to aninter-virtual-server communication identifying system in case of acommunication between a plurality of logical servers operating onphysical servers.

BACKGROUND ART

Generally, a plurality of logical servers operating on physical serversare often configured of virtual machines and so on. Conventionally,there are the following two problems in case of a communication betweenthe logical servers which operating on the physical servers.

(1) First Problem

The first problem is as follows. There is no case that a protocol headeris added as a new identifier to the existing traffic in the existingrouter and switch, in order to know the communication condition betweenthe logical servers. Therefore, it is difficult for a network manager tograsp in real time, the communication condition on which of routes isused for the communication, how is a communication quality, and where acommunication fault has occurred, even if the communication is carriedout by using a MAC (Media Access Control) address, an IP (InternetProtocol) address, a ULAN (Virtual Local Area Network) ID (identifier),and so on assigned to the logical server.

(2) Second Problem

The second problem is as follows. In case of an operation conditionunder the multi-tenant environment such as a data center, there is acase that the IP addresses overlap in case of the communication betweenvirtual machines in the multi-tenant environment. In such a case, it isimpossible to carry out the communication, unless the re-numbering ofthe IP address or address conversion through NAT (Network AddressTranslation) is carried out. However, in order to carry out there-numbering of the IP address, it is required to stop service so that alarge load is imposed. It should be noted that it is supposed that NATcontains NAPT (Network Address Port Translation) such as IP masquerade.Also, because NAT is dependent on application, the NAT could not be usedunless confirming that application is coordinated. Therefore, there wasa case which a problem had occurred in the communication among thevirtual machines under the multi-tenant environment.

Regarding (1), in the condition that a protocol header as a newidentifier is not added to the existing traffic, the router and switchfor relay have not a function of grasping a communication flow conditionbetween the virtual machines. Therefore, it is difficult to grasp acommunication path, a communication performance, and a communicationfault situation in real time.

Regarding (1), there is a VN-Tag technique of Cisco (registeredtrademark) which can solve the above problems by adding a protocolheader as a new identifier to the existing traffic (Non-PatentLiteratures 1 and 2). The function of grasping the communicationcondition is realized in the VN-Tag technique by introducing a specialrouter and switch which can insert the new header into the existingpacket is proposed. However, because the new header cannot be grasped bythe existing router or switch which cannot grasp the VN-Tag, thecommunication flow condition between the virtual machines cannot begrasped in the general environment which coexists with the existingnetwork.

Therefore, it is required to allow a network manager to grasp thecommunication flow condition between the virtual machines in real timewhile keeping backward compatibility in the existing Internet network.

Regarding (2), in the multi-tenant environment which provides a server,a storage and network environment for a plurality of enterprises by thedata center and so on, there is a case that addresses assigned to thevirtual machines overlap. In each company, the address assignment in theintranet is typically implementing by using a space of private IPaddresses.

It should be noted that the private IP address is an IP address used inthe network not connected directly with the Internet (e.g. the in-housenetwork) such as a perfectly closed network which is not connected withan external network (the Internet), and a network connected indirectlywith the external network (the Internet) through a router and so on. Theprivate IP address is also referred to as a private address.

Even if the addresses are uniquely assigned in the in-house system,there is a case that the addresses overlap between the companies.Therefore, when the IP addresses assigned to virtual machines on aserver outsourced to the data center overlap, the inter-virtual-machinecommunication between companies (multi-tenants) cannot be conventionallycarried out unless the address re-numbering and NAT are carried out.However, there is a problem on operation in case of either of theaddress re-renumbering or the NAT.

Therefore, in the multi-tenant network of the data center, it isrequired that the virtual machine communication between multi-tenantscan be carried out even under the environment that the IP addresses ofthe virtual machines overlap, and a network manager can grasp thecommunication flow condition in real rime.

As the related techniques, JP 2008-278478A (Patent Literature 1)discloses a computing system and a communication control method. In thisrelated technique, data showing a pair of a virtual machine and aphysical machine on which the virtual machine operates is recorded in amemory shared by the virtual machine and a virtual machine environmentalcontrol function. Also, it is determined whether or not a counter-endvirtual machine exists on the same physical machine as the virtualmachine, based on the above-mentioned recorded data. Also, amultiplicity is changed by the determination. Moreover, when the virtualmachine migrates to another physical machine, the above-mentionedrecorded data is rewritten.

JP 2007-158870A (Patent Literature 2) discloses a virtual computersystem and a network communication method. In this related technique,switching is carried out between a VLAN communication according to aVLAN ID set to a virtual network interface card (NIC) and a VLANcommunication according to a VLAN ID set by an OS on the virtual machinewhich uses the virtual network interface card, based on whether or notto the VLAN ID is set to the virtual network interface card.

It should be noted that in this related technique, VLAN is realized byusing a tag VLAN which is standardized in IEEE 802.1Q. In acommunication packet prescribed in IEEE 802.1Q, a VLAN tag field isadded to a communication packet which does not contain the VLAN tag(VLAN Tag). The VLAN tag field is composed of a tag type and tag controldata, and bits of the tag control data are assigned for the VLAN ID.

CITATION LIST

[Patent Literature 1] JP 2008-278478A

[Patent Literature 2] JP 2007-158870A

[Non-Patent Literature 1] Cisco (registered trademark) VN-Link:Virtualization correspondence networkinghttp://www.cisco.com/web/JP/solution/places/datacenter/literature/white_paper_c11-525307.html

[Non-Patent Literature 2] Recognition of virtual machine individuallyand realization of network which can be cared every virtual machine<http://www.cisco.com/web/JP/news/cisco_news_letter/tech/vnlink/index.html>

SUMMARY OF THE INVENTION

A first object of the present invention is to make it possible for anetwork manager to grasp a communication flow condition between virtualmachines in real time while keeping backward compatibility in theexisting Internet network.

A second object of the present invention is to make it possible for anetwork manager to grasp a communication flow condition in real timewhile an inter-multi-tenant communication between virtual machines canbe carried out even under the environment that IP addresses of thevirtual machines overlap in a multi-tenant network of a data center.

An inter-virtual-server communication identifying system of the presentinvention includes a reception-side physical server, a transmission-sidephysical server and a physical switch. The reception-side physicalserver assigns a reception-side virtual machine ID (identifier) to areception-side virtual server. The transmission-side physical serverassigns a transmission-side virtual machine ID to a transmission-sidevirtual server. Also, the transmission-side physical server assigns thereception-side virtual machine ID and the reception-side virtual machineID to at least a part of a bit space of a field other than a data fieldof a transmission packet in a form of TCP/IP (Transmission ControlProtocol/Internet Protocol) packet, when go aerating the transmissionpacket from the transmission-side virtual server to the reception-sidevirtual server, and transmits the transmission packet. The physicalswitch is provided on a network connecting the transmission-sidephysical server and the reception-side physical server, and identifiesthe transmission packet based on the reception-side virtual machine IDand the reception-side virtual machine ID which are contained in the bitspace, when relaying the transmission packet between thetransmission-side physical server and the reception-side physicalserver, and grasps data indicating a network condition.

A physical server of the present invention is provided with a virtualserver, a virtual switch, and an NIC. The virtual server is assignedwith a virtual machine ID (identifier). The virtual switch controls acommunication of the virtual server, and outputs a transmission packetin a form of TCP/IP (Transmission Control Protocol/Internet Protocol)packet, in case of a communication between the virtual server andanother virtual server through a network. The NIC transmits thetransmission packet onto the network.

In an inter-virtual-server communication identifying method, areception-side virtual machine ID (identifier) is assigned to areception-side virtual server by a reception-side physical server. Atransmission-side virtual machine ID is assigned to a transmission-sidevirtual server by a transmission-side physical server. A transmissionpacket is transmitted by assigning the reception-side virtual machine IDand the transmission-side virtual machine ID to at least a part of a bitspace of a field other than a data field of the transmission packet in aform of TCP/IP (Transmission Control Protocol/Internet Protocol) packet,when generating the transmission packet from the transmission-sidevirtual server to the reception-side virtual server. The transmissionpacket is identified based on the reception-side virtual machine ID andthe transmission-side virtual machine ID which are contained in the bitspace, to collect data indicating a network condition, by a physicalswitch provided on a network connecting the transmission-side physicalserver and the reception-side physical server, when relaying thetransmission packet between the transmission-side physical server andthe reception-side physical server.

A program of the present invention is a program to make a computerexecute the steps of: controlling a communication of a virtual serverassigned with a virtual machine ID (identifier); and transmitting on anetwork, a transmission packet which the virtual machine ID is assignedto at least a part of a bit space of a field other than a data field ofthe transmission packet in a form of TCP/IP (Transmission ControlProtocol/Internet Protocol) packet, in case of a communication betweenthe virtual server and another virtual server through the network.

The communication flow condition between the virtual machines can begrasped in the network by using a field where the existing router andswitch can grasp.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing a configuration example of aninter-virtual-server communication identifying system of the presentinvention;

FIG. 2 is a diagram showing a first exemplary embodiment of the presentinvention;

FIG. 3 is a sequence diagram showing a communication flow control in thefirst exemplary embodiment of the present invention;

FIG. 4 is a diagram showing a second exemplary embodiment of the presentinvention;

FIG. 5 is a sequence diagram showing the communication flow control inthe second exemplary embodiment of the present invention;

FIG. 6 is a diagram showing a third exemplary embodiment of the presentinvention;

FIG. 7 is a sequence diagram showing the communication flow control inthe third exemplary embodiment of the present invention;

FIG. 8 is a diagram showing a fourth exemplary embodiment of the presentinvention;

FIG. 9 is a sequence diagram showing the communication flow control inthe fourth exemplary embodiment of the present invention;

FIG. 10 is a diagram showing a configuration example of a data center inmulti-tenant environment;

FIG. 11 is a diagram showing a fifth exemplary embodiment of the presentinvention;

FIG. 12A is a sequence diagram showing the communication flow control inthe fifth exemplary embodiment of the present invention;

FIG. 12B is a sequence diagram showing the communication flow control inthe fifth exemplary embodiment of the present invention;

FIG. 13 is a diagram showing a configuration example of theinter-virtual-server communication identifying system of the presentinvention; and

FIG. 14 is a diagram showing a sixth exemplary embodiment of the presentinvention.

DESCRIPTION OF EXEMPLARY EMBODIMENTS

Hereinafter, exemplary embodiments of the present invention will bedescribed with reference to the attached drawings.

As shown in FIG. 1, an inter-virtual-server communication identifyingsystem of the present invention is provided with a first physical server10, a second physical server 20, and a network 30.

Here, as an example of the first physical server 10 and the secondphysical server 20, computers such as a PC (personal computer), a clientserver, a work station, a mainframe, and a supercomputer areexemplified. It should be noted that it is sufficient that each of thefirst physical server 10 and the second physical server 20 is sufficientto be a server which can be connected with the network and can realizethe environment under which virtual machines are possible to operate.Therefore, as another example of the first physical server 10 and thesecond physical server 20, a mobile terminal, a car navigation system, ahome game machine, an interactive TV, a digital tuner, a digitalrecorder, information home appliance, an OA (Office Automation)equipment and so on are exemplified. Also, the first physical server 10and the second physical server 20 may be mounted on moving bodies suchas a vehicle, a ship, and an aircraft. However, actually, it is notlimited to these examples.

Also, as an example of the network 30, the Internet, a LAN (Local AreaNetwork), a wireless LAN, a WAN (Wide Area Network), a backbone, afixation telephone network, a mobile telephone network, WiMAX (IEEE802.16a) 3G (3rd Generation), a lease line, a community antennatelevision (CATV) line, an IrDA (Infrared Data Association), a Bluetooth(registered trademark), a serial communication circuit and so on areexemplified. However, actually, the present invention is not limited tothese examples.

The first physical server 10 is provided with virtual servers 11 (11-i,i=1 to n: n is an optional natural number), a virtual switch 12, a NIC(Network Interface Card) 13, and a communication flow monitoring section14. In the same way, the second physical server 20 is provided withvirtual servers 21 (21-i, i=1 to n), a virtual switch 22, a NIC 23 and acommunication flow monitoring section 24. The network 30 contains aphysical switch 31 and a physical switch 32.

The virtual servers 11 (11-i, i=1 to n) are virtual machines whichoperate on the first physical server 10. In the same way, the virtualservers 21 (21-i, i=1 to n) are virtual machines which operate on thesecond physical server 20. Here, as an example of the virtual servers 11(11-i, i=1 to n), a virtual server “A” 11-1, a virtual server “B” 11-2,and a virtual server “C” 11-3 are shown. Also, as an example of thevirtual servers 21 (21-i, i=1 to n), the virtual server “D” 21-1, thevirtual server “E” 21-2 and the virtual server “F” 21-3 are shown. Itshould be noted that actually, the number of virtual servers 21 (21-i,i=1 to n) does not have to be the same as the number of virtual servers11 (11-i, I=1 to n).

The virtual switch 12 carries out a communication control of each of thevirtual servers 11 (11-i, i=1 to n) on the first physical server 10. Inthe same way, the virtual switch 22 carries out the communicationcontrol of each of the virtual servers 21 (21-i, i=2-n) on the secondphysical server 20. As an example of each of the virtual switch 12 andthe virtual switch 22, a hypervisor, a virtual machine monitor (VMM) andso on are exemplified. Here, it is assumed that the virtual switch 12and the virtual switch 22 control the generation, operation, migration,top and deletion of the virtual servers 11 (11-i, i=1 to n) and thevirtual servers 21 (21-i, i=2 to n). However, actually, the presentinvention is not limited to these examples.

The virtual switch 12 is provided with a virtual machine ID assigningsection 121, a MAC address assigning section 122, and an IP addressassigning section 123. In the same way, the virtual switch 22 isprovided with a virtual machine ID assigning section 221, a MAC addressassigning section 222, and an IP address assigning section 223.

Each of the virtual machine ID assigning section 121 and the virtualmachine ID assigning section 221 newly assigns a VLAN ID which theexisting router and switch can grasp and identify, as a virtual machineID (VMid) of a corresponding one of the virtual servers. The virtualmachine ID is identification data which is different from a MAC addressand an IP address and does not depend on the existing communicationprotocol.

Each of the MAC address assigning section 122 and the MAC addressassigning section 222 assigns a MAC address to a corresponding one ofthe virtual servers. This MAC address is a private MAC address. Theprivate MAC address can be freely set basically.

Each of the IP address assigning section 123 and the IP addressassigning section 223 assigns an IP address to a corresponding one ofthe virtual servers. The IP address is a private IP address. The firstphysical server 10 and the second physical server 20 can know the MACaddress of a counter-side virtual server by use of a command of ARP(Address Resolution Protocol) and a table, if the IP address of thecounter-side virtual server is known.

It should be noted that a case that the plurality of physical serversuse a private IP address is thought of. Also, it would be thought ofthat the virtual machine ID and the MAC address of each virtual serverare used as destination data of each virtual server in the physicalserver, and the IP address assigned to the NIC in the physical serverand the IP address of a host are shared. Therefore, there would be acase that the IP addresses of the respective virtual servers overlap.

Each of the NIC 13 and the NIC 23 is an extension card for connectingthe computer with a LAN (Local Area Network). It should be noted thateach of the NIC 13 and the NIC 23 may be a communication interface toconnect with an antenna for the radio communication and the networkexcept the LAN. Here, actually, the present invention is not limited tothese examples.

Here, the NIC 13 is connected with the physical switch 31 in the network30. The physical switch 31 in the network 30 is connected with thephysical switch 32 in the network 30. The physical switch 32 in thenetwork 30 is connected with the NIC 23. Here, as the relay physicalswitches, two of the physical switches 31 and the physical switches 32are exemplified. However, actually, the number of physical switches maybe one or equal to or more than three.

It should be noted that as an example of physical switch 31 and thephysical switch 32, an open flow switch is exemplified. In this case, anopen flow controller as a server for controlling the communication flowprocessing exists together with the open flow switches. Theabove-mentioned open flow controller is supposed to be contained in thenetwork 30. Besides, as an example of each of the physical switch 31 andthe physical switch 32, a router, a switching hub, and so on areexemplified. However, actually, the present invention is not limited tothese examples.

The details of the open flow switch are described in the followingliterature. “OpenFlow Switch Specification Version 0.9.0 (Wire Protocol0x98)” (Jul. 20, 2009 Current Maintainer) by Brandon Heller(brandonh@stanford.edu)”<http://www.openflowswitch.org/documents/openflow-spec-v0.9.0.pdf>

In case of the reception, each of the communication flow monitoringsection 14 and the communication flow monitoring section 24 confirms thevirtual machine ID (VMid) contained in the reception packet.

The communication flow monitoring section 14 is provided with at leastone of a VLAN tag inserting and removing section 141 and a MAC headerconverting section 142. Similarly, the communication flow monitoringsection 24 is provided with at least one of a VLAN tag inserting andremoving section 241 and a MAC header converting section 242.

Each of the VLAN tag inserting and removing section 141 and the VLAN taginserting and removing section 241 inserts a virtual machine ID (VMid)as a VLAN tag into a transmission packet in case of transmission, andremoves the virtual machine ID (VMid) from the reception packet in caseof reception.

Each of the MAC header converting section 142 and the MAC headerconverting section 242 converts a part or whole of each of “MAC DA(Destination Address)” and “MAC SA (Source Address)” contained in theMAC-DA/SA field as an MAC header field into a virtual machine ID (VMid)of a virtual server. Here, it is assumed that each of the MAC headerconverting section 142 and the MAC header converting section 242converts a part or whole of “MAC DA” into a virtual machine ID (VMid) ofa transmission destination virtual server in case of transmission, andconverts a part or whole of “MAC SA” into a virtual machine ID (VMid) ofa transmission source virtual server.

It should be noted that the communication flow monitoring section 14 maybe contained in either of the virtual switch 12 or the NIC 13. In thesame way, the communication flow monitoring section 24 may be containedin either of the virtual switch 22 or the NIC 23.

Also, it could be thought of that the communication flow monitoringsection provided between the NIC 13 and the physical switch 31 and thecommunication flow monitoring section 24 is provided between the NIC 23and the physical switch 32. Or, it could be thought of that thecommunication flow monitoring section 14 is provided in the physicalswitch 31 (physical switch closest to the first physical server 10)directly connected with the NIC 13, and the communication flowmonitoring section 24 is provided in the physical switch 32 (physicalswitch closest to the second physical server 20) directly connected withthe NIC 23.

Here, it is supposed that each of the virtual servers 11 (11-i, i=1 ton), the virtual servers 21 (21-i, i=1 to n), the virtual switch 12, thevirtual switch 22, the communication flow monitoring section 14 and thecommunication flow monitoring section 24 is realized by a processordriven based on a software program to execute predetermined processingand a memory which stores the program and various data.

As an example of the above-mentioned processor, a CPU (CentralProcessing Unit), a microprocessor, a microcontroller or a semiconductorintegrated circuit (Integrated Circuit (IC)) and so on which have asimilar function are exemplified.

As an example of the above-mentioned memory, semiconductor memorydevices such as RAM (Random Access Memory), ROM (Read Only Memory),EEPROM (Electrically Erasable and Programmable Read Only Memory) andflash memory, auxiliary storage units such as HDD (Hard Disk Drive) andSSD (Solid State Drive), and storage media such as DVD (DigitalVersatile Disk) and a memory card and so on are exemplified.

Also, the above-mentioned memory may be a storage provided in aperipheral device (external HDD, and so on,) and a server (Web server,file server, and so on) in the network, in addition to a storageprovided in the computer. Or, the above-mentioned memory may be astorage unit using DAS (Direct Attached Storage), FC-SAN (FibreChannel-Storage Area Network), NAS (Network Attached Storage), IP-SAN(IP-Storage Area Network), and so on.

However, actually, the present invention is not limited to theseexamples.

First Exemplary Embodiment Use of Virtual Machine ID (VMid) for VLAN TagStack

Referring to FIG. 2, a case that the virtual machine ID (VMid) isstacked and used as a VLAN tag will be described.

In a first exemplary embodiment of the present invention, the virtualmachine ID assigning section newly assigns a VLAN ID which the existingrouter and switch can grasp and identify, as ID (VMid) of each virtualmachine. In case of communication from the virtual server “A” to thevirtual server “D”, the communication is carried out by inserting a2-stage tag of “VMid-A” and “VMid-D” in the packet. That is, the 2-stagetag is two virtual machine IDs (VMid) stacked as the VLAN tag.

Specifically, it is as follows. For example, in case of thecommunication from the virtual server “A” to the virtual server “D”, atransmission packet which contains “MAC DA”-“MAC SA”-“User Data (Datapacket)” is transmitted as a TCP/IP (Transmission ControlProtocol/Internet Protocol) packet from the physical server on thetransmission side, as in (1) of FIG. 2. In this case, the VLAN taginserting and removing section is provided for either of the virtualswitch or the NIC in FIG. 1, and a 2-stage tag like (2) of FIG. 2 isinserted into the transmission packet by the VLAN tag inserting andremoving section in transmission (VLAN tag 2-stage insertion), and thetransmission packet is transmitted to the physical switch in thenetwork.

The relay physical switch grasps a network condition by monitoring onlythe VLAN tag field of the TCP/IP packet. That is, the relay physicalswitch monitors the VLAN tag field of the TCP/IP packet and collectsdata of the network condition.

For example, in the open flow switch, an optional combination of the MACaddress field, the VLAN tag field, the IP address field, and the portnumber field is set as identification data, in the TCP/IP packet andpackets which have identical identification data are grasped as theconcept of a “flow”.

In this case, the relay physical switch monitors only the VLAN tag fieldof a TCP/IP packet, grasps a packet in which a combination of thevirtual machine IDs contained in the VLAN tag field is same, as the sameflow, collects data of the network condition from the flow and adestination of this flow, and transmits the collected data to the openflow controller. The open flow controller analyzes and displays thecollected data of network condition on the management screen accordingto the necessity.

After removing the 2-stage tag from a reception packet by the VLAN taginserting and removing section in the NIC or the virtual switch, saidreception-side physical server transmits the reception packet to thereception-side virtual server “D”.

FIG. 3 is a sequence diagram of a communication flow control in thefirst exemplary embodiment of the present invention.

(1) Step S101

In the first physical server 10 shown in FIG. 1, the virtual machine IDassigning section 121 of the virtual switch 12 assigns a virtual machineID to each of the virtual servers 11 (11-i, i=1 to n).

(2) Step S102

Also, the MAC address assigning section 122 of the virtual switch 12assigns a MAC address to each of the virtual servers 11 (11-i, i=1 ton).

(3) Step S103

Also, the IP address assigning section 122 of the virtual switch 12assigns an IP address to each of the virtual servers 11 (11-i, i=1 ton).

(4) Step S104

In the same way, in the second physical server 20, the virtual machineID assigning section 221 of the virtual switch 22 assigns a the virtualmachine ID to each of the virtual servers 21 (21-i, i=1 to n).

(5) Step S105

Also, the MAC address assigning section 222 of the virtual switch 22assigns a MAC address to each of the virtual servers 21 (21-i, i=1 ton).

(6) Step S106

Also, the IP address assigning section 222 of the virtual switch 22assigns an IP address to each of the virtual servers 21 (21-i, i=1 ton).

(7) Step S107

In case of a communication from the virtual server “A” 11-1 to thevirtual server “D” 21-1, in the first physical server 10, thetransmission-side virtual server “A” 11-1 generates a TCP/IP packetwhich contains “MAC DA”-“MAC SA”-“User Data”, and outputs it to thevirtual switch 12 as a transmission packet. It should be noted thatactually, in response to a data transmission request from thetransmission-side virtual server 11, the virtual switch 12 may generatea TCP/IP packet every requesting virtual server 11.

(8) Step S108

The communication flow monitoring section 14 confirms the transmissionpacket from the virtual switch 12. The VLAN tag inserting and removingsection 141 of the communication flow monitoring section 14 inserts a2-stage tag in the transmission packet and outputs it to the NIC 13.

(9) Step S109

The NIC 13 transmits the transmission packet to the physical switch 31on the network.

(10) Step S110

The physical switch 31 transmits the transmission packet to the physicalswitch 32. The physical switch 32 transmits the transmission packet tothe reception-side second physical server 20. At this time, the physicalswitch 31 and the physical switch 32 grasp a network condition bymonitoring the VLAN tag field of the transmission packet. That is, thephysical switch 31 and the physical switch 32 monitor the VLAN tag fieldof the TCP/IP packet and collect data of the network condition.

(11) Step S111

In the reception-side second physical server 20, the NIC 23 receives thetransmission packet and outputs it to the communication flow monitoringsection 24 as a reception packet.

(12) Step S112

The communication flow monitoring section 24 confirms the receptionpacket which arrives at the NIC 23. The VLAN tag inserting and removingsection 241 of the communication flow monitoring section 24 removes ordeletes the 2-stage tag from the reception packet and then outputs thereception packet to the virtual switch 12. The virtual switch 12transmits the reception packet to the reception-side virtual server “D”21-1.

Through the above operation, the communication flow condition betweenthe virtual machines can be grasped in the network by use of the fieldwhere the existing router and switch can grasp.

Second Exemplary Embodiment Conversion of MAC Header into VirtualMachine ID (VMid)

Referring to FIG. 4, a case that a part or whole of the MAC header isconverted into a virtual machine ID (VMid) will be described. Here, acase of an MAC header will be described as an example, but a case of theIP header is similar basically. It is supposed that a MAC header meansthe MAC address field of the TCP/IP packet and the IP header means theIP address field of the TCP/IP packet.

In a second exemplary embodiment of the present invention, the virtualmachine ID assigning section assigns an ID (VMid) of each of the virtualmachines to a part or whole of the MAC address field which the existingrouter and switch can grasp and identify. In case of the communicationfrom the virtual server “A” to the virtual server “D”, the communicationis carried out by converting parts of “MAC DA” and “MAC SA” of thepacket on the way.

Specifically, it is as follows. For example, in case of thecommunication from the virtual server “A” to the virtual server “D”, inthe transmission-side physical server, a packet which contains “MACDA”-“MAC SA”-“User Data” as shown in (1) of FIG. 4 is transmitted as theTCP/IP packet. In this case, the MAC header converting section isprovided for either of the virtual switch or the NIC. By converting thepart or whole of “MAC DA” into the virtual machine ID “VMid-D” of thevirtual server “D” by the MAC header converting section in transmission,as shown in (2) of FIG. 4, and by converting a part or whole of “MAC SA”into the virtual machine ID “VMid-A” of the virtual server “A”, thetransmission packet is transmitted to the physical switch in thenetwork.

The relay physical switch grasps and finds the network condition bymonitoring only the MAC-DA/SA field as a MAC header field of the TCP/IPpacket. That is, the relay physical switch monitors the MAC header areaof the TCP/IP packet and collects data of the network condition.

In said reception-side physical server, after converting MAC-DA/SA(parts of “MAC DA” and “MAC SA”) of the reception packet into theoriginal address, the MAC header converting section in the NIC or thevirtual switch transmits to the reception-side virtual server “D”.

FIG. 5 is a sequence diagram showing the communication flow control inthe second exemplary embodiment of the present invention.

(1) Step S201

In the first physical server 10 shown in FIG. 1, the virtual machine IDassigning section 121 of the virtual switch 12 assigns a virtual machineID to each of the virtual servers 11 (11-i, i=1 to n).

(2) Step S202

Also, the MAC address assigning section 122 of the virtual switch 12assigns a MAC address to each of the virtual servers 11 (11-i, i=1 ton).

(3) Step S203

Also, the IP address assigning section 122 of the virtual switch 12assigns an IP address to each of the virtual servers 11 (11-i, i=1 ton).

(4) Step S204

In the same way, in the second physical server 20, the virtual machineID assigning section 221 of the virtual switch 22 assigns a virtualmachine ID to each of the virtual servers (21-i, i=1 to n).

(5) Step S205

Also, the MAC address assigning section 222 of the virtual switch 22assigns a MAC address to each of the virtual servers 21 (21-i, i=1 ton).

(6) Step S206

Also, the IP address assigning section 222 of virtual switch 22 assignsan IP address to each of the virtual servers 21 (21-i, i=1 to n).

(7) Step S207

In case of communication from the virtual server “A” 11-1 to the virtualserver “D” 21-1, in the first physical server 10 shown in FIG. 1, thetransmission-side virtual server “A” 11-1 generates a TCP/IP packetwhich contains “MAC DA”-“MAC SA”-“User Data” and outputs it to thevirtual switch 12 as the transmission packet. Actually, the virtualswitch 12 may generate the TCP/IP packet every requesting virtual server11 in response to a data transmission request from the transmission-sidevirtual server 11.

(8) Step S203

The communication flow monitoring section 14 confirms the transmissionpacket from the virtual switch 12. The MAC header converting section 142of the communication flow monitoring section 14 converts a part or wholeof “MAC DA” into the virtual machine ID “VMid-D” of the virtual server“D” 21-1, and converts a part or whole of “MAC SA” into the virtualmachine ID “VMid-A” of the virtual server “A” 11-1, and outputs thetransmission packet after the conversion to the NIC 13.

(9) Step S209

The NIC 13 transmits the transmission packet to the physical switch 31in the network.

(10) Step S210

The physical switch 31 transmits the transmission packet to the physicalswitch 32. The physical switch 32 transmits the transmission packet tothe reception-side second physical server 20. At this time, each of thephysical switch 31 and the physical switch 32 grasps and finds a networkcondition by monitoring MAC-DA/SA field which is the MAC header field.That is, the physical switch 31 and the physical switch 32 monitor theMAC-DA/SA field of the TCP/IP packet and collect data of the networkcondition.

(11) Step S211

In the reception-side second physical server 20, the NIC 23 receives andoutputs the transmission packet to the communication flow monitoringsection 24 as a reception packet.

(12) Step S212

The communication flow monitoring section 24 confirms the receptionpacket which arrives in the NIC 23. The MAC header converting section242 of the communication flow monitoring section 24 converts theMAC-DA/SA field (parts of “MAC DA” and “MAC SA”) of the reception packetinto an original condition and outputs the reception packet to thevirtual switch 12. The virtual switch 12 transmits the reception packetto the reception-side virtual server “D” 21-1.

Through the above operation, the communication flow condition betweenthe virtual machines can be grasped in the network by using the fieldcalled MAC-DA/SA where existing router and switch can grasp andidentify.

It should be noted that in the present exemplary embodiment, a casewhere a part or whole of the MAC header is converted into the virtualmachine ID (VMid) will be described. However, actually, the part orwhole of the IP header may be converted into the virtual machine ID(VMid). That is, a part or whole of at least one of the MAC header andthe IP header (both are permitted) may be converted into the virtualmachine ID (VMid).

At this time, for example, it is technically possible that a part orwhole of the transmission-side MAC address field is converted into thetransmission-side virtual machine ID (VMid), and a part or whole of thereception-side IP address field is converted into the reception-sidevirtual machine ID (VMid). Oppositely, it is possible that a part orwhole of the transmission-side IP address field is converted into thetransmission-side virtual machine ID (VMid) and a part or whole in thereception-side MAC address field is converted into the reception-sidevirtual machine ID (VMid).

Third Exemplary Embodiment Assignment of MAC Address to Virtual MachineID (VMid)

Referring to FIG. 6, a case where the virtual machine ID (VMid) isassigned to the MAC address in advance will be described. Here, althoughthe case where the virtual machine ID (VMid) is assigned to the MACaddress will be described, a case where the virtual machine ID (VMid) isassigned to the IP address is same basically.

In a third exemplary embodiment of the present invention, the virtualmachine ID assigning section assigns the ID (VMid) of each virtualmachine to a part or whole of the MAC address field which the existingrouter or switch can grasp and identify. In case of a communication fromthe virtual server “A” to the virtual server “D”, the packet with “MACDA” and “MAC SA”, each of which is a MAC address assigned with eachvirtual machine ID (VMid) is transmitted as just as it is.

Specifically, it is as follows. For example, the transmission-sidephysical server provides the MAC address assigning section for thevirtual switch, and the MAC address assigning section assigns thevirtual machine ID of the virtual server to a part or whole of the MACaddress which is assigned to each of the virtual servers, as in (1) ofFIG. 6, in case of assigning an the MAC address to each of the virtualservers.

In this example, the MAC address assigning section generates the MACaddresses corresponding to the virtual machine IDs assigned to thevirtual servers “A” and the virtual servers “D”, and the generated theMAC addresses are assigned to the virtual servers “A” and the virtualservers “D”, respectively.

It should be noted that as for the generated MAC address, there are acase that a part of the MAC address field corresponds to the virtualmachine ID and a case that the whole of the MAC address fieldcorresponds to the virtual machine ID. In the case of the communicationfrom the virtual server “A” to the virtual server “D”, thetransmission-side virtual server “A” outputs the TCP/IP packet whichcontains the virtual machine ID, to MAC-DA/SA (parts of “MAC DA” and the“MAC SA”).

The relay physical switch grasps a network condition by monitoring onlythe MAC-DA/SA field contained in the MAC address field of the TCP/IPpacket. That is, the relay physical switch monitors the MAC-DA/SA fieldof the TCP/IP packet and collects data of the network condition.

The reception-side physical server transmits the TCP/IP packet to thereception-side virtual server “D”.

In the second exemplary embodiment, a part or whole of the MAC addressfield of the transmission packet is converted into the virtual machineID in transmission, while in the third exemplary embodiment, the virtualmachine ID is incorporated into the MAC address assigned to each of thevirtual servers in advance.

The MAC address which is assigned to each of the virtual servers is aprivate MAC address, and the virtual machine ID can be used for a partor whole of the MAC address field because it is basically possible toset freely.

For example, generally, the MAC address is configured of a bender ID ofupper 3 octets (24 bits: 1 octet=9 bits) and a hardware ID of lower 3octet (24 bits).

Therefore, it is thought of to use a virtual machine ID for a part orwhole of the hardware ID. Or, it is thought of to simply use the virtualmachine ID for several bits from the head or end of the MAC address.

However, actually, the present invention is not limited to theseexamples.

FIG. 7 is a sequence diagram showing the communication flow controlaccording to the third exemplary embodiment of the present invention.

(1) Step S301

At the first physical server 10 shown in FIG. 1, the virtual machine IDassigning section 121 of the virtual switch 12 assigns the virtualmachine ID to each of the virtual servers 11 (11-i, i=1 to n).

(2) Step S302

Also, in case of assigning the MAC address to each of the virtualservers 11 (11-i, i=1 to n), the MAC address assigning section 122 ofthe virtual switch 12 assigns the MAC address using the virtual machineID “VMid-A” of the virtual server “A” 11-1 for part or whole of the MACaddress field of the virtual server “A” 11-1.

(3) Step S303

Also, the IP address assigning section 122 of the virtual switch 12assigns the IP address to each of the virtual servers 11 (11-i, i=1 ton).

(4) Step S304

In the same way, in the second physical server 20, the virtual machineID assigning section 221 of the virtual switch 22 assigns the virtualmachine ID to each of the virtual servers 21 (21-i, i=1 to n).

(5) Step S305

Also, the MAC address assigning section 222 of the virtual switch 22assigns the MAC address using the virtual machine ID “VMid-D” of thevirtual server “D” 21-1 to a part or whole of the MAC address field ofthe virtual server “D” 21-1 in case of assigning the MAC address to eachof the virtual servers 21 (21-i, i=1 to n).

(6) Step S306

Also, the IP address assigning section 222 of the virtual switch 22assigns the IP address to each of the virtual servers 21 (21-i, i=1 ton).

(7) Step S307

In case of communication from the virtual server “A” 11-1 to the virtualserver “D” 21-1, in the first physical server 10, the transmission-sidevirtual server “A” 11-1 generates the TCP/IP packet containing “MACDA”-“MAC SA”-“User Data”, and outputs it to the virtual switch 12 as thetransmission packet.

It should be noted that actually, the virtual switch 12 may generate aTCP/IP packet every requesting virtual server 11 in response to a datatransmission request from the transmission-side virtual server 11. Thevirtual switch 12 outputs the transmission packet to the NIC 13. Here,the communication flow monitoring section 14 is not used.

(8) Step S308

The NIC 13 transmits the transmission packet to the physical switch 31in the network.

(9) Step S309

The physical switch 31 transmits the transmission packet to the physicalswitch 32. The physical switch 32 transmits the transmission packet tothe reception-side second physical server 20.

At this time, each of the physical switch 31 and the physical switch 32grasps a network condition by monitoring the MAC-DA/SA field as an MACheader area of the transmission packet. That is, each of the physicalswitch 31 and the physical switch 32 monitors the MAC-DA/SA field of theTCP/IP packet and collects data of the network condition.

(10) Step S310

In the reception-side second physical server 20, the NIC 23 receives andoutputs the transmission packet to the virtual switch 12 as thereception packet. The virtual switch 12 transmits the reception packetto the reception-side virtual server “D” 21-1.

Through the above operation, the communication flow condition betweenthe virtual machines can be grasped in the network by use of the fieldcalled MAC-DA/SA where existing router and switch can grasp.

It should be noted that in the present exemplary embodiment, a case ofassigning the virtual machine ID (VMid) to the MAC address will bedescribed. However, actually, the virtual machine ID (VMid) may beassigned to the IP address. That is, the virtual machine ID (VMid) canbe assigned to at least one of the MAC header and the IP header.

At this time, it is technically possible to assign the transmission-sidevirtual machine ID (VMid) to the transmission-side MAC address field andassign the reception-side virtual machine ID (VMid) to thereception-side IP address field. Oppositely, it is possible to assignthe transmission-side virtual machine ID (VMid) to the transmission-sideIP address field and assign the reception-side virtual machine ID (VMid)to the reception-side MAC address field.

Fourth Exemplary Embodiment Assignment of Virtual Machine ID (VMid) toIP+MAC Address

Referring to FIG. 8, a case of assigning the virtual machine ID (VMid)to each of the MAC address field, the VLAN tag field and the IP addressfield will be described.

In the fourth exemplary embodiment of the present invention, the virtualmachine ID assigning section assigns ID (VMid) of each of the virtualmachines to a bit space of a part or whole of the MAC address field, apart of whole of the VLAN tag field, and a part of whole of the IPaddress field which the existing router and switch can grasp andidentify, as shown in (1) of FIG. 8.

However, actually, there is a case that the VLAN tag field itself doesnot exist. In case of the communication from the virtual server “A” tothe virtual server “D”, the packet with “MAC DA”, “MAC SA”, “VLAN Tag”,“IP DA”, “IP SA” is transmitted.

That is, in the present exemplary embodiment, flows are grouped based ona plurality of header fields in such a manner that of the header fieldsof the flow are grouped such that the field of transmission destinationidentification data (“MAC DA”, “VLAN Tag”, “IP DA”) indicates thevirtual machine ID of the virtual server “D”, and such that the field oftransmission source identification data (“MAC SA”, “VLAN Tag”, “IP SA”)indicates the virtual machine ID of the virtual server “A”.

Specifically, it is as follows. For example, in case of thecommunication from the virtual server “A” to the virtual server “D”, thetransmission-side physical server transmits as TCP/IP packet, a packetcontaining a part or whole of the MAC address field, a part or whole ofthe VLAN tag field, and a part or whole of the IP address fieldcorresponding to the virtual machine ID which is assigned to each of thevirtual servers “A” and the virtual servers “D”.

The relay physical switch grasps a network condition by monitoring thefields of the transmission destination identification data (“MAC DA”,“VLAN Tag”, “IP DA”) and the transmission source identification data(“MAC SA”, “VLAN Tag”, “IP SA”) in the header field of the flow, thatis, a combination of the MAC address field, the VLAN tag field and theIP address field, of the TCP/IP packet.

That is, the relay physical switch monitors a combination of the MACaddress field, the VLAN tag field and the IP address field of the TCP/IPpacket and collects data of the network condition.

The reception-side physical server transmits the received packet to thereception-side virtual server “D”.

While in the third exemplary embodiment, the virtual machine ID isincorporated into only the MAC address assigned to each of the virtualservers in advance, in the fourth exemplary embodiment, the virtualmachine ID is incorporated into only the MAC address and the IP addressassigned to each of the virtual servers in advance, and the transmissionpacket is generated by using the MAC address, the VLAN tag, and the IPaddress in the transmission. It should be noted that it is possible notto provide the VLAN tag for the transmission packet.

FIG. 9 is a sequence diagram showing the communication flow control inthe fourth exemplary embodiment of the present invention.

(1) Step S401

In the first physical server 10 shown in FIG. 1, the virtual machine IDassigning section 121 of the virtual switch 12 assigns the virtualmachine ID to each of the virtual servers 11 (11-i, i=1 to n).

(2) Step S402

In case of assigning the MAC address to each of the virtual servers 11(11-i, i=1 to n), the MAC address assigning section 122 of the virtualswitch 12 assigns the MAC address using the virtual machine ID “VMid-A”of the virtual server “A” 11-1 to a part or whole of the MAC addressfield of the virtual server “A” 11-1.

(3) Step S403

In case of assigning the IP address to each of the virtual (11-i, i=1 ton), the IP address assigning section 122 of the virtual switch 12assigns the IP address using the virtual machine ID “VMid-A” of thevirtual server “A” 11-1 to a part or whole of the IP address field ofthe virtual server “A” 11-1.

(4) Step S404

In the same way, in the second physical server 20, the virtual machineID assigning section 221 of the virtual switch 22 assigns the virtualmachine ID to each of the virtual servers 21 (21-i, i=1 to n).

(5) Step S405

In case of assigning the MAC address to each of the virtual servers 21(21-i, i=1 to n), the MAC address assigning section 222 of the virtualswitch 22 assigns the MAC address using the virtual machine ID “VMid-D”of the virtual server “D” 21-1 to a part or whole of the MAC addressfield of the virtual server “D” 21-1.

(6) Step S406

In case of assigning the IP address to each the virtual servers 21(21-i, i=1 to n), the IP address assigning section 222 of the virtualswitch 22 assigns the IP address using the virtual machine ID “VMid-D”of the virtual server “D” 21-1 to a part or whole of the IP addressfield of the virtual server “D” 21-1.

(7) Step S407

In case of the communication from the virtual server “A” 11-1 to thevirtual server “D” 21-1, in the first physical server 10, thetransmission-side virtual server “A” 11-1 generates a TCP/IP packetcontaining “MAC DA”-“MAC SA”-“VLAN Tag”-“VLAN Tag”-“IP DA”-“IP SA”-“UserData”, and outputs TCP/IP packet to the virtual switch 12 as thetransmission packet.

It should be noted that actually, the virtual switch 12 may generateTCP/IP packet every requesting virtual server 11 in response to the datatransmission request from the transmission-side virtual server 11. Also,actually, there is a case that the VLAN tag field “VLAN Tag” does notexist. The virtual switch 12 outputs the transmission packet to the NIC13. Here, the communication flow monitoring section 14 is not used.

(8) Step S408

The NIC 13 transmits the transmission packet to the physical switch 31to the network.

(9) Step S409

The physical switch 31 transmits the transmission packet to the physicalswitch 32. The physical switch 32 transmits the transmission packet tothe reception-side second physical server 20.

At this time, each of the physical switch 31 and the physical switch 32grasps the network condition by monitoring a combination of the MACaddress field, the VLAN tag field and the IP address field of thetransmission packet. That is, each of the physical switch 31 and thephysical switch 32 monitors the combination of the MAC address field,the VLAN tag field and the IP address field of the TCP/IP packet andcollects data of the network condition.

(10) Step S410

In the reception-side second physical server 20, the NIC 23 receives thetransmission packet and outputs it to the virtual switch 12 as thereception packet. The virtual switch 12 transmits the reception packetto the reception-side virtual server “D” 21-1.

Through the above operation, the communication flow condition betweenthe virtual machines can be grasped in the network by using the field ofthe transmission destination identification data (“MAC DA”, “VLAN Tag”,“IP DA”) and the transmission source identification data (“MAC SA”,“VLAN Tag”, “IP SA”) as the header area of the flow, that is, the fieldwhere the existing router and switch can grasp and identify.

Fifth Exemplary Embodiment Use of Virtual NW ID

Referring to FIG. 10 and FIG. 11, a case of using a VPN (Virtual PrivateNetwork) ID and the VLAN ID as the ID of a virtual network (NW) will bedescribed. Here, the VPN ID (VPNid) will be described by using it as anexample.

In FIG. 10, in a data center of multi-tenant environment as an exampleof the use environment of the inter-virtual-server communicationidentifying system, the environment connected to the data center througha VPN router from a plurality of VPNs is shown.

As shown in FIG. 10, the inter-virtual-server communication identifyingsystem of the present invention contains the first physical server 10,the second physical server 20, the network 30 and a virtual network 40.

The first physical server 10, the second physical server 20 and thenetwork 30 are basically same as those of shown in FIG. 1. Here, thesecond physical server 20 is a server in the data center of multi-tenantenvironment. Also, as an example of the virtual servers 21 (21-i, i=1 ton), the virtual server “D1” 21-4, the virtual server “D2” 21-5 and thevirtual server “D3” 21-6 are shown. The virtual server “D1” 21-4, thevirtual server “D2” 21-5 and the virtual server “D3” 21-6 are equivalentrespectively to the virtual servers “D” 21-1 shown in FIG. 1.

The virtual network 40 contains a VPN router 41, a VPN router 42, a VPNrouter 43 and a VPN router 44.

The VPN router 41 is connected with the physical switch 32. The VPNrouter 42 is connected with a server which is equivalent to the virtualserver “D” 21-1 shown in FIG. 1, of the servers in the data center ofmulti-tenant environment. Here, the VPN router 42 is connected with thesecond physical ver 20. The VPN router 43 is connected with a serverwhich is equivalent to the virtual server “E” 21-2 shown in FIG. 1, ofthe servers in the data center of multi-tenant environment. The VPNrouter 44 is connected with a server which is equivalent to the virtualserver “F” 21-3 shown in FIG. 1, of the servers in the data center ofmulti-tenant environment.

In the fifth exemplary embodiment of the present invention, the virtualmachine ID is assigned to the MAC address and the IP address in advanceby the virtual machine ID assigning section, the MAC address assigningsection and the IP address assigning section.

Thus, the ID of each of the virtual machines can be assigned to a bitspace of a part or whole of the MAC address field, a part or whole ofthe VLAN tag field, and a part or whole of the IP address field whichthe existing router and switch can grasp and identify.

In case of the communication from the virtual server “A” to the virtualserver “D”, a packet assigned with “MAC DA”, “MAC SA”, “VLAN Tag”, “IPDA”, and “IP SA” is transmitted.

In other words, in the present exemplary embodiment, a plurality ofheader fields are grouped by supposing that the transmission destinationidentification data (“MAC DA”, “VLAN Tag”, “IP DA”) shows the virtualmachine ID of the virtual server “D” and the transmission sourceidentification data (“MAC DA”, “VLAN Tag”, “IP DA”) shows the virtualmachine ID of the virtual server “A”. However, actually, there is a casethat the VLAN tag field “VLAN Tag” does not exist.

Under multi-tenant environment, when the virtual server “A” (VMid-A) andthe virtual server “B” (VMid-B), which are the virtual servers in theidentical server, belong to the different tenants, the communication ispossible without address collision, because the communication is carriedout in an address space of the plurality of headers even under thesituation that the same private IP address is assigned to the virtualserver “A” (VMid-A), and the virtual server “B” (VMid-B).

Specifically, it is as follows. For example, in case of thecommunication from the virtual server “A” to the virtual server “D”, thetransmission-side physical server transmits as the TCP/IP packet, apacket containing the transmission destination identification data (“MACDA”, “VLAN Tag”, “IP DA”) and the transmission source identificationdata (“MAC SA”, “VLAN Tag”, “IP SA”), corresponding to the virtualmachine IDs assigned to the virtual server “A” and the virtual server“D”, as shown in (1) of FIG. 11. At this time, the header field isencoded by using a part or whole of the MAC address field, a part orwhole of the VLAN tag field, a part or whole of the IP address field forappropriately.

The relay physical switch grasps the network condition by monitoring thefields of the transmission destination identification data (“MAC DA”,“VLAN Tag”, “IP DA”) and of the transmission source identification data(“MAC SA”, “VLAN Tag”, “IP SA”) in the header field of the flow of theTCP/IP packets. That is, the relay physical switch monitors acombination of the transmission destination identification data and thetransmission source identification data of the TCP/IP packet andcollects data of the network condition.

Moreover, in the VPN router which accommodates a plurality of VPNs, itis required to identify which of the VPNs connected with users thepacket should be transferred. For the identification, the VPN ID (VPNid)is recognized from a whole ID space (“MAC DA”, “VLAN Tag”, “IP DA”), andthe destination of the packet is changed in the VPN router. There are aplurality of methods in the transmitting method in the VPN router, butbasically, it is the encapsulated packet containing the VPNid. As thetransmitting method of a packet, there are a “layer 2 encapsulationmethod” and a “layer 3 encapsulation method” and so on.

In the “layer 2 encapsulation method”, layer 2 packet field (“MAC DA”,“MAC SA”, “VLAN Tag”, “IP DA”, “IP SA”, “User Data”) of the receivedpacket is encapsulated just as it is and the encapsulated packet withthe VPNid is transferred.

In the “layer 3 encapsulation method”, only IP layer (IP layer) field(“IP DA”, “IP SA”, “User Data”) of the received packet is encapsulatedand the encapsulated packet with the VPNid is transferred.

The attention points to allow the VMid to be saved in End-to-End in eachmethod will be described below.

(a) In case of the layer 2 encapsulation method, because all the fieldsof (“MAC DA”, “VLAN Tag”, “IP DA”)-(“MAC SA”, “VLAN Tag”, “IP SA”) arepreserved and there is the VPNid, there is no problem especially.

(b) In case of the layer 3 encapsulation method, the data of the fieldof (“MAC DA”, “VLAN Tag”, or “MAC SA”, “VLAN Tag”) of the fields of(“MAC DA”, “VLAN Tag”, “IP DA”) (“MAC SA”, “VLAN Tag”, “IP SA”) isdegenerated to the VPNid. In case of the layer 3 encapsulation method,End-to-End is dealt with by only the fields of “IP DA” and “IP SA”.

The reception-side physical server transmits the reception packet to thereception-side virtual server “D”.

FIG. 12A and FIG. 12B are a sequence diagram showing the communicationflow control in the fifth exemplary embodiment of the present invention.

(1) Step S501

In the first physical server 10 shown in FIG. 1, the virtual machine IDassigning section 121 of the virtual switch 12 assigns the virtualmachine ID to each of the virtual servers 11 (11-i, i=1 to n)

(2) Step S502

The MAC address assigning section 122 of the virtual switch 12 assignsthe MAC address using the virtual machine ID “VMid-A” of the virtualserver “A” 11-1 to a part or whole of the MAC address field of thevirtual server “A” 11-1, in case of assigning the MAC address to each ofthe virtual servers 11 (11-i, i=1 to n).

(3) Step S503

The IP address assigning section 122 of the virtual switch 12 assignsthe IP address using the virtual machine ID “VMid-A” of the virtualserver “A” 11-1 to a part or whole of the IP address field of thevirtual server “A” 11-1 in case of assigning the IP address to each ofthe virtual servers 11 (11-i, i=1 to n).

(4) Step S504

Similarly, in the second physical server 20, the virtual machine IDassigning section 221 of the virtual switch 22 assigns the virtualmachine ID to each of the virtual servers 21 (21-i, i=1 to n).

(5) Step S505

The MAC address assigning section 222 of also the virtual switch 22assigns the MAC address using the virtual machine ID “VMid-D” of thevirtual server “D” 21-1 to a part or whole of the MAC address field ofthe virtual server “D” 21-1 in case of assigning the MAC address to eachof the virtual servers 21 (21-i, i=1 to n).

(6) Step S506

The IP address assigning section 222 of the virtual switch 22 assignsthe IP address using the virtual machine ID “VMid-D” of the virtualserver “D” 21-1 to a part or whole of the IP address field of thevirtual server “D” 21-1 in case of assigning the IP address to each ofthe virtual servers 21 (21-i, i=1 to n).

(7) Step S507

In the first physical server 10, the transmission-side virtual server“A” 11-1 generates a TCP/IP packet containing “MAC DA”-“MAC SA”-“VLANTag”-“VLAN Tag”-“IP DA”-“IP SA”-“User Data” in case of the communicationfrom the virtual server “A”11-1 to the virtual server “D” 21-1, andoutputs the TCP/IP packet to the virtual switch 12 as the transmissionpacket.

It should be noted that actually, the virtual switch 12 may generate theTCP/IP packet every requesting virtual server 11 in response to the datatransmission request from the transmission-side virtual server 11. Also,actually, there is a case that the VLAN tag field “VLAN Tag” does notexist. The virtual switch 12 outputs the transmission packet to the NIC13. Here, the communication flow monitoring section 14 is not used.

(8) Step S508

The NIC 13 transmits the transmission packet to the physical switch 31in the network.

(9) Step S509

The physical switch 31 transmits the transmission packet to the physicalswitch 32. The physical switch 32 transmits the transmission packet tothe VPN router 41.

At this time, the physical switch 31 and the physical switch 32 graspthe network condition by monitoring the fields of transmissiondestination identification data (“MAC DA”, “VLAN Tag”, “IP DA”) and thetransmission source identification data (“MAC SA”, “VLAN Tag”, “IP SA”)of the transmission packet. That is, the physical switch 31 and thephysical switch 32 monitor a combination of the transmission destinationidentification data and the transmission source identification data ofthe TCP/IP packet and collect data of the network condition.

(10) Step S510

When receiving the transmission packet from the physical switch 32, theVPN router 41 appropriately uses a part or whole of the MAC addressfield, a part or whole of the VLAN tag field, and a part or whole of theIP address field of the transmission packet to carry out encoding, andgenerates the encapsulated packet. Also, the VPN router 41 recognizesthe concerned VPNid from the ID space of the above-mentioned fields anddetermines the encapsulated packet destination. Here, it is supposedthat the ID space in the above-mentioned field corresponds to “theVPNid-D”.

That is, the VPN router 41 adds “the VPNid-D” to the encapsulated packetand then transfers it to the VPN router 42. The “layer 2 encapsulationmethod” and the “layer 3 encapsulation method” which are packettransferring methods as described earlier. The VPN router 42 decodes theencapsulated packet to reproduce it to the transmission packet andtransmits the transmission packet to the second physical server 20.

(11) Step S511

In the reception-side second physical server 20, the NIC 23 receives andoutputs the transmission packet to the virtual switch 12 as thereception packet. The virtual switch 12 determines the virtual server asthe transmission destination of the reception packet based on thecongestion of each of the virtual servers in the second physical server20, a port number specified by the reception packet and so on. Here, thevirtual switch 12 transmits the reception packet to the virtual server“D1” 21-4.

Through the above operation, the communication flow condition betweenthe virtual machines can be grasped in the network by using the fieldscalled (“MAC DA”, “VLAN Tag”, “IP DA”)-(“MAC SA”, “VLAN Tag”, “IP SA”)which the existing router and switch can be grasp. Also, in the VPNrouter, the communication relation of the virtual machine can bemaintained in End-to-End after the appropriate conversion.

Sixth Exemplary Embodiment Use of Group ID

Referring to FIG. 13, a case where the virtual servers are virtuallygrouped into groups such as VLAN and it is made possible to communicateonly between the virtual servers of the identical group will bedescribed.

As shown in FIG. 13, the inter-virtual-server communication identifyingsystem of the present invention provided with the first physical server10, the second physical server 20, the network 30 and the virtualnetwork 40.

The first physical server 10, the second physical server 20 and thenetwork 30 are basically the same as those shown in FIG. 1.

In the present exemplary embodiment, the virtual switch 12 is providedwith a group assigning section 124 in addition to the virtual machine IDassigning section 121, the MAC address assigning section 122, and the IPaddress assigning section 123. Moreover, in the same way, the virtualswitch 22 is provided with a group assigning section 224 in addition tothe virtual machine ID assigning section 221, the MAC address assigningsection 222, and the IP address assigning section 223.

The virtual machine ID assigning section 121, the MAC address assigningsection 122, and the IP address assigning section 123, the virtualmachine ID assigning section 221, the MAC address assigning section 222and the IP address assigning section 223 are basically the same as thoseshown in FIG. 1.

The group assigning section 124 assigns a group ID to each of thevirtual servers 11 (11-i, i=1 to n) to show the VLAN group to which thevirtual server 11 (11-i, i=1 to n) belongs. In the same way, the groupassigning section 224 assigns a group ID to each of the virtual servers21 (21-i, i=1 to n) to show the VLAN group to which the virtual server21 (21-i, i=1 to n) belongs. Here, the VLAN ID is assumed as the groupID.

It should be noted that it is supposed that the MAC address, the IPaddress, and the group ID are assigned to each of virtual server 11(11-i, i=1 to n) in advance. In the other exemplary embodiments, thesame can be applied.

In FIG. 13, it is supposed that the group ID of a first VLAN group is“GP-1”, and the group ID of a second VLAN group is “GP-2”.

It is supposed that the virtual server “A” 11-1, the virtual server “B”11-2, the virtual server “D” 21-1, the virtual server “E” 21-2 belong toa first VLAN group “GP-1”.

Also, it is supposed that the virtual server “C” 11-3 and the virtualserver “F” 21-3 belong to a second VLAN group “GP-2”.

At this time, it is possible for the virtual server “A” 11-1, thevirtual server “B” 11-2, the virtual server “D” 21-1 and the virtualserver “E” 21-2 to communicate to each other. However, the virtualserver “C” 11-3 and the virtual server “F” 21-3 can not communicatebecause the VLAN groups are different.

Referring to FIG. 14, a case where the group ID (VLAN ID) is containedin the packet will be described.

The group ID is assigned to the VLAN tag field by the virtual serverwhen the transmission packet is transmitted onto the network.

The allocation of the virtual machine ID to the transmission packetfollows the other exemplary embodiments. In this case, it is supposedthat the virtual machine ID (destination ID) of the transmissiondestination virtual server and the virtual machine ID (Source ID) of thetransmission source virtual server are assigned to at least one field ofthe MAC address field, the VLAN tag field, and the IF address field. Itshould be noted that although it is desirable that these virtual machineIDs are assigned to the identical field, they may be assigned to thefields which are different.

Relation of Exemplary Embodiments

It should be noted that the above-mentioned exemplary embodiments may beimplemented by combining them.

(Generalization)

As mentioned above, the present invention has a feature that in theinter-virtual-server communication identifying system between aplurality of logical servers operating on physical servers, a mechanismis provided to grasp the communication setting in End-to-End between thelogical servers, the communication identifying, the performancemonitoring, the End-to-End failure diagnostic, and so on.

In the present invention, the following advantages are attained.

The first effect is in that the communication condition between thevirtual machines can be grasped in the environment that contains theexisting switch and router, because the header field of a conventionalpacket is used to encode the ID space of the virtual machine.

The second effect is in that the communication condition between thevirtual machines can be grasped in the environment that contains theexisting switch and router, because the plurality of fields of theconventional packet header are recognized as the ID space of the virtualmachine.

The third effect is in that it is possible to carry out a communicationeven if the IP addresses assigned to the virtual machines in amulti-tenant environment are same, because the plurality of fields ofthe conventional packet header are recognized as the ID space of thevirtual machine.

(Supplementary Note)

It is possible to describe a part or whole of the above-mentionedexemplary embodiments as the following supplementary notes. However, thepresent invention is not limited to the following examples.

(Supplementary Note 1)

A storage medium which stores a program to make a computer execute thesteps of:

controlling a communication of a virtual server assigned with a virtualmachine ID (identifier); and

transmitting on a network, a transmission packet which the virtualmachine ID is assigned to at least a part of a bit space of a fieldother than a data field of the transmission packet in a form of TCP/IP(Transmission Control Protocol/Internet Protocol) packet, in case of acommunication between the virtual server and another virtual serverthrough the network.

(Supplementary Note 2)

The storage medium according to supplementary note 1, which stores aprogram to make a computer execute the steps of:

inserting a VLAN tag field which contains the virtual machine ID intothe transmission packet when transmitting the transmission packet ontothe network; and

removing the VLAN tag field of a reception packet from the network totransmit to the virtual server.

(Supplementary Note 3)

The storage medium according to supplementary note 1 or 2, which storesa program to make the computer further execute the step of:

converting at least a part of an address field in a header field of thetransmission packet which changes into the virtual machine ID, whentransmitting the transmission packet onto the network.

(Supplementary Note 4)

The storage medium according to any of supplementary notes 1 to 3, whichstores a program to make a computer further execute the steps of:

incorporating the reception-side virtual machine ID into at least one ofthe MAC address and the IP address and assigning the MAC address and theIP address to the virtual server, and

assigning the MAC address to a MAC address field of the transmissionpacket and the IP address to an IP address field in the transmissionpacket, when generating the transmission packet.

(Supplementary Note 5)

The storage medium according to supplementary note 4, which stores aprogram to make a computer further execute the step of:

assigning said virtual machine ID to the virtual server; and

further assigning the virtual machine ID to the VLAN tag field of thetransmission packet, when generating the transmission packet.

(Supplementary Note 6)

The storage medium according to any of supplementary notes 1 to 5, whichstores a program to make a computer further execute the steps of:

assigning the VLAN ID to said virtual server as a group ID,

assigning the VLAN ID to the VLAN tag field of the transmission packet,when the VLAN ID assigned to said virtual server as the group ID is sameas the VLAN ID assigned to said reception-side virtual server as thegroup ID.

The exemplary embodiments of the present invention have been described.However, the present invention is not limited to the above-mentionedexemplary embodiments and various modifications are contained in thepresent invention in a range not deviating from the spirit of thepresent invention.

It should be noted that Insisting on the priority which is based onJapan application number 2009-218693 by this application and elucidationcontents about Japan application number 2009-213693 are incorporatedinto this application by the quotation.

The invention claimed is:
 1. An inter-virtual-server communicationidentifying system comprising: a reception-side physical serverconfigured to assign a reception-side virtual machine ID (identifier) toa reception-side virtual server; a transmission-side physical serverconfigured to assign a transmission-side virtual machine ID to atransmission-side virtual server, assign the reception-side virtualmachine ID and the transmission-side virtual machine ID to at least apart of a bit space of a field other than a data field of a transmissionpacket in a form of a TCP/IP (Transmission Control Protocol/InternetProtocol) packet, when generating the transmission packet from saidtransmission-side virtual server to said reception-side virtual server,and transmit the transmission packet; and a physical switch provided ona network connecting said transmission-side physical server and saidreception-side physical server, and configured to identify thetransmission packet based on the reception-side virtual machine ID andthe transmission-side virtual machine ID which are contained in the bitspace, when relaying the transmission packet between saidtransmission-side physical server and said reception-side physicalserver, and collect data indicating a network condition.
 2. Theinter-virtual-server communication identifying system according to claim1, wherein said transmission-side physical server comprises: a VLAN taginserting section configured to insert a VLAN (Virtual Local AreaNetwork) tag field which contains the reception-side virtual machine IDand the transmission-side virtual machine ID, in the transmissionpacket, and wherein said reception-side physical server comprises: aVLAN tag removing section configured to remove the VLAN tag field fromthe transmission packet when receiving the transmission packet.
 3. Theinter-virtual-server communication identifying system according to claim1, wherein said transmission-side physical server comprises: a headerconverting section configured to convert at least a part of areception-side address field of a header field of the transmissionpacket to the reception-side virtual machine ID, and convert at least apart of a transmission-side address field thereof into thetransmission-side virtual machine ID.
 4. The inter-virtual-servercommunication identifying system according to claim 1, wherein saidreception-side physical server comprises: a reception-side addressassigning section configured to incorporate the reception-side virtualmachine ID into at least one of a reception-side MAC (Media AccessControl) address and a reception-side IP (Internet Protocol) address,and assign the reception-side MAC address and the reception-side IPaddress to said reception-side virtual server, wherein saidtransmission-side physical server comprises: a transmission-side addressassigning section configured to incorporate the transmission-sidevirtual machine ID into at least one of the transmission-side MACaddress and the transmission-side IP address, and assign thetransmission-side MAC address and the transmission-side IP address tosaid transmission-side virtual server, and wherein saidtransmission-side virtual server assigns the reception-side MAC addressand a transmission-side MAC address to a MAC address field of thetransmission packet, and assigns the reception-side IP address and atransmission-side IP address to an IP address field of the transmissionpacket, when generating the transmission packet.
 5. Theinter-virtual-server communication identifying system according to claim4, wherein said reception-side physical server further comprises: avirtual machine ID assigning section configured to assign thereception-side virtual machine ID to said reception-side virtual server,wherein said transmission-side physical server further comprises: avirtual machine ID assigning section configured to assign thetransmission-side virtual machine ID to said transmission-side virtualserver, and wherein said transmission-side virtual server assigns thereception-side virtual machine ID and the transmission-side virtualmachine ID to a VLAN tag field of the transmission packet.
 6. Theinter-virtual-server communication identifying system according to claim1, further comprising: a VPN router provided on said network connectingsaid transmission-side physical server and said reception-side physicalserver, and configured to receive the transmission packet, determine aVPN (Virtual Private Network) ID based on a bit space of a total fieldof the MAC address field, the IP address field, and the VLAN tag fieldin the transmission packet, changes a destination of the transmissionpacket, and generate and transmit an encapsulated packet added with theVPN ID.
 7. The inter-virtual-server communication identifying systemaccording to claim 1, wherein said reception-side physical servercomprises: a reception-side group assigning section configured to assignthe VLAN ID to said reception-side virtual server as a group ID, whereinsaid transmission-side physical server comprises: a transmission-sidegroup assigning section configured to assign the VLAN ID to saidtransmission-side virtual server as the group ID, and wherein saidtransmission-side virtual server assigns the VLAN ID to the VLAN tagfield of the transmission packet when the VLAN IDs assigned to saidtransmission-side virtual server and said reception-side virtual serveras the group IDs are same.
 8. A computer used as either of saidreception-side physical server and said transmission-side physicalserver in the inter-virtual-server communication identifying systemaccording to claim
 1. 9. A physical server comprising: a virtual serverassigned with a virtual machine ID (Virtual Machine identifier); avirtual switch configured to control a communication of said virtualserver, and output a transmission packet in a form of a TCP/IP(Transmission Control Protocol/Internet Protocol) packet, in a case of acommunication between said virtual server and another virtual serverthrough a network; a communication flow monitoring section configured toassign the virtual machine ID to at least a part of a bit space of afield other than a data field of a transmission packet; and an NIC(Network Interface Card) configured to transmit said transmission packetonto said network, wherein said communication flow monitoring sectioncomprises: a VLAN tag inserting section configured to insert a VLAN(Virtual Local Area Network) tag field containing the virtual machine IDinto the transmission packet in a case of transmitting the transmissionpacket onto said network; and a VLAN tag removing section configured toremove the VLAN tag field of the reception packet on said network totransmit to said virtual server.
 10. A physical server comprising: avirtual server assigned with a virtual machine ID (Virtual Machineidentifier); a virtual switch configured to control a communication ofsaid virtual server, and output a transmission packet in a form of aTCP/IP (Transmission Control Protocol/Internet Protocol) packet, in acase of a communication between said virtual server and another virtualserver through a network; a communication flow monitoring sectionconfigured to assign the virtual machine ID to at least a part of a bitspace of a field other than a data field of a transmission packet; andan NIC (Network Interface Card) configured to transmit said transmissionpacket onto said network, wherein said communication flow monitoringsection comprises: a header converting section configured to convert atleast a part of an address field in a header field of the transmissionpacket into the virtual machine ID in a case of transmitting thetransmission packet onto said network.
 11. A physical server comprising:a virtual server assigned with a virtual machine ID (Virtual Machineidentifier); a virtual switch configured to control a communication ofsaid virtual server, and output a transmission packet in a form of aTCP/IP (Transmission Control Protocol/Internet Protocol) packet, in acase of a communication between said virtual server and another virtualserver through a network; a communication flow monitoring sectionconfigured to assign the virtual machine ID to at least a part of a bitspace of a field other than a data field of a transmission packet; andan NIC (Network Interface Card) configured to transmit said transmissionpacket onto said network, wherein said virtual switch comprises: anaddress assigning section configured to incorporate the reception-sidevirtual machine ID into at least one of a MAC (Media Access Control)address and an IP (Internet Protocol) address and assign the MAC addressand the IP address to said virtual server, and wherein said virtualserver assigns the MAC address to a MAC address field of thetransmission packet and the IP address to an IP address field of thetransmission packet, when generating the transmission packet.
 12. Thephysical server according to claim 11, wherein said virtual switchfurther comprises a virtual machine ID assigning section configured toassign the virtual machine ID to said virtual server, and wherein saidvirtual server assigns the virtual machine ID to the VLAN tag field ofthe transmission packet when generating the transmission packet.
 13. Aphysical server comprising: a virtual server assigned with a virtualmachine ID (Virtual Machine identifier); a virtual switch configured tocontrol a communication of said virtual server, and output atransmission packet in a form of a TCP/IP (Transmission ControlProtocol/Internet Protocol) packet, in a case of a communication betweensaid virtual server and another virtual server through a network; acommunication flow monitoring section configured to assign the virtualmachine ID to at least a part of a bit space of a field other than adata field of a transmission packet; an NIC (Network Interface Card)configured to transmit said transmission packet onto said network; and agroup assigning section configured to assign a VLAN (Virtual Local AreaNetwork) ID to said virtual server as a group ID, wherein said virtualserver assigns the VLAN ID to the VLAN tag field of the transmissionpacket, when the VLAN ID assigned to said virtual server as the group IDis same as the VLAN ID assigned to said reception-side virtual server asthe group ID.
 14. An inter-virtual-server communication identifyingmethod comprising: assigning a reception-side virtual machine ID(identifier) to a reception-side virtual server by a reception-sidephysical server; assigning a transmission-side virtual machine ID to atransmission-side virtual server by a transmission-side physical server;transmitting a transmission packet by assigning the reception-sidevirtual machine ID and the transmission-side virtual machine ID to atleast a part of a bit space of a field other than a data field of thetransmission packet in a form of a TCP/IP (Transmission ControlProtocol/Internet Protocol) packet, when generating the transmissionpacket from said transmission-side virtual server to said reception-sidevirtual server; and identifying the transmission packet based on thereception-side virtual machine ID and the transmission-side virtualmachine ID which are contained in the bit space, to collect dataindicating a network condition, by a physical switch provided on anetwork connecting said transmission-side physical server and saidreception-side physical server, when relaying the transmission packetbetween the transmission-side physical server and said reception-sidephysical server.
 15. The inter-virtual-server communication identifyingmethod according to claim 14, further comprising: inserting a VLAN(Virtual Local Area Network) tag field which contains the reception-sidevirtual machine ID and the transmission-side virtual machine ID, intothe transmission packet by the transmission-side physical server; andremoving the VLAN tag field from the transmission packet when receivingthe transmission packet by said reception-side physical server.
 16. Theinter-virtual-server communication identifying method according to claim14, further comprising: converting at least a part of a reception-sideaddress field of a header field of the transmission packet into thereception-side virtual machine ID and at least a part of atransmission-side address field into the transmission-side virtualmachine ID thereof, by said transmission-side physical server.
 17. Theinter-virtual-server communication identifying method according to claim14, further comprising: incorporating the reception-side virtual machineID into one at least one of a reception-side MAC (Media Access Control)address and a reception-side IP (Internet Protocol) address by saidreception-side physical server, and assigning the reception-side MACaddress and the reception-side IP address to said reception-side virtualserver; incorporating the transmission-side virtual machine ID into atleast one of a transmission-side MAC address and a transmission-side IPaddress by said transmission-side physical server, and assigning thetransmission-side MAC address and the transmission-side IP address tosaid transmission-side virtual server; and assigning the reception-sideMAC address and the transmission-side MAC address to the MAC addressfield of the transmission packet and the reception-side IP address andthe transmission-side IP address to the IP address field of thetransmission packet by said transmission-side virtual server, whengenerating the transmission packet.
 18. The inter-virtual-servercommunication identifying method according to claim 17, furthercomprising: assigning the reception-side virtual machine ID to saidreception-side virtual server by said reception-side physical server;assigning the transmission-side virtual machine ID to saidtransmission-side virtual server by said transmission-side physicalserver; and assigning the reception-side virtual machine ID and thetransmission-side virtual machine ID to a VLAN (Virtual Local AreaNetwork) tag field of the transmission packet, when generating thetransmission packet by said transmission-side virtual server.
 19. Theinter-virtual-server communication identifying method according to claim14, further comprising: receiving the transmission packet by a VPN(Virtual Private Network) router which is provided on the networkconnecting said transmission-side physical server and saidreception-side physical server, determining a VPN ID based on the bitspace of a total field of the MAC address field, a VLAN (Virtual LocalArea Network) tag field and the IP address field of the transmissionpacket, changing a destination of the transmission packet, andgenerating and transmitting an encapsulated packet in which the VPN IDis added to the transmission packet.
 20. The inter-virtual-servercommunication identifying method according to claim 14, furthercomprising: assigning a VLAN (Virtual Local Area Network) ID to saidreception-side virtual server as a group ID by said reception-sidephysical server; assigning the VLAN ID to said transmission-side virtualserver as the group ID by said transmission-side physical server;assigning the VLAN ID to the VLAN tag field of the transmission packetby said transmission-side virtual server, when the VLAN ID assigned tosaid transmission-side virtual server and the VLAN ID assigned to saidreception-side virtual server as the group IDs are same.
 21. Anon-transitory computer-readable storage medium which stores acomputer-executable program code to attain an inter-virtual-servercommunication identifying method, said method comprising: assigning areception-side virtual machine ID (identifier) to a reception-sidevirtual server by a reception-side physical server; assigning atransmission-side virtual machine ID to a transmission-side virtualserver by a transmission-side physical server; transmitting atransmission packet by assigning the reception-side virtual machine IDand the transmission-side virtual machine ID to at least a part of a bitspace of a field other than a data field of the transmission packet in aform of a TCP/IP (Transmission Control Protocol/Internet Protocol)packet, when generating the transmission packet from saidtransmission-side virtual server to said reception-side virtual server;and identifying the transmission packet based on the reception-sidevirtual machine ID and the transmission-side virtual machine ID whichare contained in the bit space, to collect data indicating a networkcondition, by a physical switch provided on a network connecting saidtransmission-side physical server and said reception-side physicalserver, when relaying the transmission packet between thetransmission-side physical server and said reception-side physicalserver.
 22. A server, comprising: a virtual identifier assigning sectionto assign a first virtual network an identifier of a virtual machineoperating on the server; and a network interface to transmit a packetincluding a Layer 2 header information which includes the first virtualnetwork identifier of the virtual machine, wherein the network interfacetransmits the packet to a packet encapsulate section which encapsulatesa packet field including the Layer 2 header information with a secondvirtual network identifier representing a virtual network to which thevirtual machine belongs.
 23. The server according to claim 22, furthercomprising: a receiver to receive the packet such that the secondvirtual network identifier is removed at the packet encapsulate section,wherein the network interface transmits the received packet to thevirtual machine corresponding to the first virtual network identifiercontained in the packet.
 24. A system, comprising: a virtual identifierassigning section to assign a first virtual network identifier of avirtual machine operating on a server; and a network interface totransmit a packet including a Layer 2 header information which includesthe first virtual network identifier of the virtual machine, wherein thenetwork interface transmits the packet to a packet encapsulate sectionwhich encapsulates a packet field including the Layer 2 headerinformation with a second virtual network identifier representing avirtual network to which the virtual machine belongs.
 25. The systemaccording to claim 24, further comprising: a receiver to receive thepacket such that the second virtual network identifier is removed at thepacket encapsulate section, wherein the network interface transmits thereceived packet to the virtual machine corresponding to the firstvirtual network identifier contained in the packet.
 26. A method,comprising: assigning a first virtual network identifier of a virtualmachine operating on a server; and transmitting a packet including aLayer 2 header information which includes the first virtual networkidentifier of the virtual machine, wherein the packet is transmitted toa packet encapsulate section which encapsulates a packet field includingthe Layer 2 header information with a second virtual network identifierrepresenting a virtual network to which the virtual machine belongs. 27.The method according to claim 26, further comprising: receiving thepacket such that the second virtual network identifier is removed at thepacket encapsulate section; and transmitting the received packet to thevirtual machine corresponding to the first virtual network identifiercontained in the packet.
 28. A network device, comprising: a receiver toreceive a packet including a Layer 2 header information which includes afirst virtual network identifier of a virtual machine operating on aserver; and a tag insertion section to encapsulate a packet fieldincluding the Layer 2 header information with a second virtual networkidentifier representing a virtual network to which the virtual machinebelongs.
 29. A method, comprising: receiving a packet including a Layer2 header information which includes a first virtual network identifierof a virtual machine operating on a server; and encapsulating a packetfield including the Layer 2 header information with a second virtualnetwork identifier representing a virtual network to which the virtualmachine belongs.